Password Logging

Geoff Silver geoff+freeradius at uslinux.net
Tue Mar 14 17:39:13 CET 2006


rlm_syslog is a module I wrote based on rlm_detail.  I submitted it as a
patch, but it's not part of the production freeradius code at this point.

You probably want to add the following...
around line 70:
	int hidepasswd;		/* PW_TYPE_BOOLEAN is stored as an int */

around line 81-82 of rlm_detail.c:
        { "hidepasswd",       PW_TYPE_BOOLEAN,
          offsetof(struct detail_instance,hidepasswd),    NULL, "yes" },

around line 288:
	/* skip User-Password when hidepasswd is enabled */
	if ((pair->attribute == PW_PASSWORD) && inst->hidepasswd) {
		pair = pair->next;
		continue;
	}

and then add "hidepasswd = yes" to the detail sections of your radiusd.conf

andre kip wrote:
> Hi Geoff, 
> 
> I haven't been successful in getting freeradius not to
> log passwords. Where is this rlm_syslog?? I am looking
> for it at source but to no avail. ..or did you change
> rlm_detail by adding:
> 
>  if ((strstr(buf, "User-Password") != 0) &&
>      (strcmp(inst->hidepasswd, "yes") == 0)) 
>           {
>              pair->next;
>           }
> 
> regards,
> Mr. Trüffle
> 
>  
> 
>>Craig T. Hancock wrote:
>>
>>>I also want to remove the password from the log file. I am trying to
>>>modify the rlm_detail file. I believe the section that needs modifying
>>>is at line 280. Before modification I just need to understand the
>>>following lines after 280. The code with the comment
>>>/* Don't Print passwords in old format */
>>>
>>>What is the old format compared to the new format?
>>>
>>>As far as what to change what is the pair->attribute
>>>for User-Password statement. I would presume it would be
>>>PW_PASSWORD_REQUEST.
>>>
>>>My thinking is to do something like this
>>>
>>>if (compat && (pair->attribute == PW_PASSWORD_REQUEST)) {
>>>    pair = pair->next;
>>>    continue;
>>>
>>>
>>>Is that correct?
>>>
>>>Alan DeKok wrote:
>>>
>>>>andre kip <xu178 at yahoo.de> wrote:
>>>>
>>>>>1. Where is the rlm_detail module? I only see *.so and
>>>>>*.la files which seem not to be the ones. man
>>>>>rlm_detail doesn't help either.
>>>>
>>>>  Try looking at the source.
>>>>
>>>>>2. I managed to use encrypted passwords in the user
>>>>>file. Is it possible to store encrypted shared secret
>>>>>both in server and client?
>>>>
>>>>  No.
>>>>
>>>>  Alan DeKok.
>>>>- List info/subscribe/unsubscribe? See
>>>>http://www.freeradius.org/list/users.html
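
The attribute-skipping loop discussed in this thread, as an added stand-alone example that is not part of the original post or of the FreeRADIUS source. It assumes a simplified `struct pair` in place of the server's attribute list and a hypothetical `write_detail()` helper; the sample request is constructed.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_USER_NAME     1	/* RADIUS attribute numbers (RFC 2865) */
#define ATTR_USER_PASSWORD 2

/* Simplified stand-in for the server's attribute list node (assumption). */
struct pair {
	int attribute;
	const char *name, *value;
	struct pair *next;
};

/* Write each attribute as a detail-style line into out, skipping
 * User-Password when hidepasswd is non-zero. Returns bytes written. */
size_t write_detail(const struct pair *pair, int hidepasswd,
		    char *out, size_t outlen)
{
	size_t used = 0;
	if (outlen == 0) return 0;
	out[0] = '\0';
	while (pair) {
		if (hidepasswd && pair->attribute == ATTR_USER_PASSWORD) {
			/* Advance AND restart the loop: a bare "pair->next;"
			 * has no effect and the password is still written. */
			pair = pair->next;
			continue;
		}
		int n = snprintf(out + used, outlen - used, "\t%s = \"%s\"\n",
				 pair->name, pair->value);
		if (n < 0 || (size_t)n >= outlen - used) { out[used] = '\0'; break; }
		used += (size_t)n;
		pair = pair->next;
	}
	return used;
}

/* Constructed sample request: the password sits between two attributes. */
static struct pair nas  = { 4, "NAS-IP-Address", "192.0.2.1", NULL };
static struct pair pw   = { ATTR_USER_PASSWORD, "User-Password", "s3cret", &nas };
static struct pair user = { ATTR_USER_NAME, "User-Name", "alice", &pw };

int main(void)
{
	char buf[256];
	write_detail(&user, 1, buf, sizeof(buf));
	return fputs(buf, stdout) == EOF;
}
```

After deploying a change like this, grep the existing detail files for `User-Password`, since entries written before the change still contain cleartext passwords.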



